// MITRE ATT&CK TTP Tracker

TTP Frequency Heatmap — 30 Day Rolling Window

MITRE ATT&CK techniques observed across all DeepFalcon daily threat intelligence reports over the past 30 days. Updated with each new report. Hover over any cell for technique details.

// Technique Heatmap 30-Day Rolling · Updated June 2, 2026
Initial Access
T1566.001 ×14
T1566.002 ×8
T1190 ×8
T1078.004 ×11
Execution
T1059.001 ×9
T1059.007 ×5
T1204.002 ×7
Credential Access
T1111 ×9
T1539 ×7
T1528 ×6
T1621 ×4
Defense Evasion
T1036.005 ×6
T1027 ×7
T1564.008 ×5
Collection / Exfiltration
T1114.002 ×5
T1041 ×4
T1056.001 ×3
Command & Control
T1102 ×6
T1568.002 ×4
T1534 ×3
High (×9+)
Medium-High (×6–8)
Medium (×3–5)
Low (×1–2)
// Top 10 TTPs 30-Day Frequency Ranking
Technique IDNameTacticFrequencyTrend
T1566.001Spearphishing LinkInitial Access
×14
T1078.004Valid Cloud AccountsDefense Evasion
×11
T1111MFA InterceptionCredential Access
×9
T1059.001PowerShellExecution
×9
T1190Exploit Public-Facing AppInitial Access
×8
T1566.002Spearphishing via ServiceInitial Access
×8
T1027Obfuscated FilesDefense Evasion
×7
T1539Steal Web Session CookieCredential Access
×7
T1204.002Malicious FileExecution
×7
T1528Steal Application Access TokenCredential Access
×6
// Window Stats
Period30-day rolling
Last updatedJun 2, 2026
Reports analyzed30
TTPs tracked47
Top tacticInitial Access
Top techniqueT1566.001
Rising TTPsT1059.001 ↑
// MITRE Reference
All technique IDs link directly to the MITRE ATT&CK framework entry. Click any technique ID in the table for full documentation.
Open MITRE ATT&CK →
// Access Notice
The 30-day TTP heatmap and downloadable TTP feed are available to Tier 2 and Tier 3 subscribers. This preview shows the current 30-day window.
Subscribe Free →